Vulnetix
Try Vulnetix Request Demo
ALPINE-CVE-2018-7750 PUBLISHED CVSS 9.800000190734863 CRITICAL

transport.py in the SSH server implementation of Paramiko before 1.17.6, 1.18.x before 1.18.5, 2.0.x before 2.0.8, 2.1.x before 2.1.5, 2.2.x before 2.2.3, 2.3.x before 2.3.2, and 2.4.x before 2.4.1 does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.

Risk Scores

CVSS v3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products

VendorProductVersions
Alpine:v3.11py3-paramiko0, 1.10.1-r0, 1.11.0-r0
Alpine:v3.13py3-paramiko2.0.2-r0, 0, 1.10.1-r0
Alpine:v3.12py3-paramiko0, 1.10.1-r0, 1.11.0-r0
Alpine:v3.14py3-paramiko0, 1.11.0-r0, 1.12.0-r0

Timeline

References

Open in Interactive Console →